Black Hat: Cybersecurity Is More Than A Tech Problem

Cybersecurity was once seen as purely a matter of technology, but more and more, security experts are bundling issues such as personal privacy, politics, business, ethics and risk into the package. A recent report by Black Hat on the current state of cybersecurity shows how the concerns, attitudes and plans of top security pros are adapting to keep pace with evolving threats.

Black Hat has conducted this survey annually since 2015, with the most recent survey being conducted in May of 2018. Three hundred and fifteen cybersecurity professionals were interviewed, including chief information officers, chief technology officers and researchers in sectors such as financial services, government and healthcare.

What the firm found was that experts are concerned. Whether it’s data misuse, GDPR, cyber-interference in politics, cryptocurrency or any number of other security challenges, more than half of respondents are very concerned — and less than 20 percent feel the industries and governments affected will be prepared to respond effectively if there is a significant breach.

In terms of data misuse, a scant 26 percent of respondents felt that it would be possible for individuals to protect their online identity and privacy going forward. That opinion is driven by recent issues with social networks — Facebook comes to mind after it made headlines for oversharing user data with data brokers — as well as the seemingly endless flood of data breaches, leaks and compromises.

Coming from cybersecurity experts, many of whom are responsible for protecting the data at issue here, that’s a pretty depressing statistic. Consumers may not be great at protecting their own data, but if the professionals responsible for doing so on their behalf feel this way, it paints a rather hopeless outlook.

GDPR, the European Union’s new General Data Protection Regulation, went into effect in May and is at the top of the to-do list for many, with 40 percent calling it a top time-consumer. That means experts are focusing heavily on compliance with the new regulation, with lofty fines for noncompliance, at the potential expense of protecting against targeted attacks or insider data leaks.

As for cyber-political influence, more than half of respondents believed that Russian cyber initiatives heavily impacted the outcome of the 2016 U.S. presidential election, and nearly three-quarters felt that recent activity from Russia, China and North Korea was making U.S. enterprise data less secure.

Only 13 percent felt that the U.S. government was prepared to respond effectively to a significant cyber threat. Interestingly, though, more experts were concerned about a financially motivated cyberattack than a politically motivated one.

Finally, in the case of cryptocurrency, respondents showed a great deal of interest and concern around this popular form of decentralized, blockchain-based currency. Forty-three percent said investing in bitcoin and other cryptocurrencies is not a good idea, period — even for investors who know what they’re doing.

Only 15 percent of respondents said they participate in cryptocurrency buying and selling, and even fewer — 12 percent — said they participate in cryptocurrency mining.

The concern is not about security pros tapping their own enterprise systems to gain additional processing power — only 5 percent cited that as a top concern. Rather, while some see cryptocurrencies as a boon to currency exchange, others view it as a threat to currency trading.

Black Hat concludes that the problem of cybersecurity has gotten much, much bigger than ever before. Experts must brace against increasingly sophisticated attacks that are impacted by a myriad of factors, both internal and external, on a local and global scale.